Cb ThreatHunter: Child processes not listed in the events section

Article ID: 290079

Products

Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

The Process Analysis page shows childprocs in the process tree, but the event list does not contain childprocs and the facet is greyed out.

Environment

  • CB ThreatHunter Sensor: 3.4.0.780
  • CB ThreatHunter Console: .43 backend
  • Microsoft Windows: All Versions

Cause

When the sensor did not discover the initial process start, an issue keeps child process counts from being collected (UAV-713).

Resolution

Upgrade to sensor version 3.4.0.820 or higher

Additional Information

  • This issue is more prevalent in certain processes such as powershell.exe
  • If childprocs are not listed for any processes, the sensors may need to be re-installed
    • Uninstall the sensor - https://community.carbonblack.com/t5/Knowledge-Base/Cb-Defense-How-to-Uninstall-Windows-Sensor/ta-p/42739
    • Re-install the sensor - https://community.carbonblack.com/t5/Documentation-Downloads/PSC-Sensor-Installation-Guide/ta-p/52158?attachment-id=9557